keyserver-fs/README.md

# Using PGP keyservers for decentralised file storage
    
### This is a proof of concept for educational use only!

WARNING: this may break easily and is intended for use only on linux, & only for educational purposes.  

So this basically works because you can have a UID(email address) that is 2048 characters in your PGP key, and from what I understand an unlimited amount of UIDs, perfect for dumping data on to the key-servers, Adding UIDs is a slow process by hand so I automated it using python, so you could dump any kind of file on the key servers. With some simple modifications you can dump plain text on to the key-servers containing any content you choose and watch it propagate through all the key-servers around the world. Once that has completed, the data is essentially impossible to be removed as said by the sks key-server Maintainer himself [Kristian Fiskerstrand](https://blog.sumptuouscapital.com/2016/03/openpgp-certificates-can-not-be-deleted-from-keyservers/).

I wrote this because I think this characteristic of key-servers is actually dangerous, for example someone could upload leaked data and it would be spread around the world and accessible by anyone and unstoppable, how would this situation be dealt with?

### Which Parts of the GDPR this might be affected by:  

I would be happy for people to make pull requests to add information they think is relevant to this.  

You can also join in the discussion in the comments of an [article](https://medium.com/@mdrahony/are-pgp-key-servers-breaking-the-law-under-the-gdpr-a81ddd709d3e) I wrote to accompany this project.  

I have moved this section to a separate document [GDPR and its effects](https://github.com/yakamok/keyserver-fs/blob/master/GDPR.md)  

### Usage 

__Notice:__ This Program is very slow to add data to the gpg pubkey so don't plan on super large files.  

### upload-text-file.py

Usage: python upload-text-file.py plain-text-file.txt  
One thing to note, is the text will not appear ordered, so don't expect a long rant to appear as you want it to.  
Also character length of each line should not exceed 2000 or the key will break and be unusable.  

### upload-file.py

Usage: python upload-file.py <file>  
Data can take between 3-10mins before it appears on the server so don't be surprised if the link you're given does not work straight away.  
Requirements: gnupg2, pinentry  

### download-keyserv.py

Usage: python download-keyserv.py "http://eu.pool.sks-keyservers.net/pks/lookup?search=WCNGKCCWBE@UMKVS.jpg&op=index"  
Requirements: python-bs4  

The first of the uid(email) is numeric to stand for the order of the base64 string so we can be put it together again in the correct order, then the second part is simply a set chunk of binary data converted to base64.  

First of all had to test how many chars could be put in the uid, turns out after some testing just a little over 2040. Once you enter more than this the key becomes invalid and you have to reset your pubkey. Through some trial and error decided to stick with a safe number 1741 chars long. Once you split the binary data into 1305Byte chunks and convert it to base64 it comes to 1741 chars in length. 

Key deletion was added after upload is completed as the keys are no longer needed.  

### Test file

For those who would like to test already uploaded data, i have placed a test file here:  
http://eu.pool.sks-keyservers.net/pks/lookup?search=WCNGKCCWBE@UMKVS.jpg&op=index  

### unpublished 

I wrote a version of this using OpenMPI to see what kind of scale this could be used on, it's very simple to implement and would allow a user to upload incredible amounts of data to all the key-servers.  

In theory it would be possible with the use of proxies and possibly tor to continually upload all kinds of illegal or sensitive data 24hrs a day accross all key-servers making it impossible to control or remove this data.

This is just a proof of concept and a discussion on the potential problems of key-servers in their current form!

DO NOT USE THIS TO DO ANYTHING ILLEGAL

### Notes

Why did i not use GPGME?  
Simply because it has some kind of memory leak which is only noticable when submitting 100s of UIDs into a PGP key, then it crashes after all memory has been eaten up. I do not know if this has been fixed in recent issues if it has then its possible to write the data to the PGP key much faster than the above python code is currently able to.
Update README.md 2018-05-28 21:57:45 +01:00			`# Using PGP keyservers for decentralised file storage`
Update README.md 2018-05-28 21:47:11 +01:00
Update README.md 2018-07-04 00:46:32 +01:00			`### This is a proof of concept for educational use only!`
Update README.md 2018-05-28 21:47:11 +01:00
			`WARNING: this may break easily and is intended for use only on linux, & only for educational purposes.`

spelling etc 2018-12-08 03:30:30 +00:00			So this basically works because you can have a UID(email address) that is 2048 characters in your PGP key, and from what I understand an unlimited amount of UIDs, perfect for dumping data on to the key-servers, Adding UIDs is a slow process by hand so I automated it using python, so you could dump any kind of file on the key servers. With some simple modifications you can dump plain text on to the key-servers containing any content you choose and watch it propagate through all the key-servers around the world. Once that has completed, the data is essentially impossible to be removed as said by the sks key-server Maintainer himself [Kristian Fiskerstrand](https://blog.sumptuouscapital.com/2016/03/openpgp-certificates-can-not-be-deleted-from-keyservers/).
Update README.md 2018-05-28 21:47:11 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`I wrote this because I think this characteristic of key-servers is actually dangerous, for example someone could upload leaked data and it would be spread around the world and accessible by anyone and unstoppable, how would this situation be dealt with?`
Update README.md 2018-07-04 00:46:32 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`### Which Parts of the GDPR this might be affected by:`
Update README.md 2018-07-04 20:35:15 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`I would be happy for people to make pull requests to add information they think is relevant to this.`
Update README.md 2018-07-04 20:35:15 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`You can also join in the discussion in the comments of an [article](https://medium.com/@mdrahony/are-pgp-key-servers-breaking-the-law-under-the-gdpr-a81ddd709d3e) I wrote to accompany this project.`
add link to article on medium 2018-07-06 22:13:24 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`I have moved this section to a separate document [GDPR and its effects](https://github.com/yakamok/keyserver-fs/blob/master/GDPR.md)`
Update README.md 2018-07-04 20:35:15 +01:00
Update README.md 2018-07-06 18:43:17 +01:00			`### Usage`
Update README.md 2018-07-04 20:35:15 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`__Notice:__ This Program is very slow to add data to the gpg pubkey so don't plan on super large files.`
Update README.md 2018-05-30 23:30:43 +01:00
Update README.md 2018-07-13 00:17:46 +01:00			`### upload-text-file.py`

			`Usage: python upload-text-file.py plain-text-file.txt`
			`One thing to note, is the text will not appear ordered, so don't expect a long rant to appear as you want it to.`
spelling etc 2018-12-08 03:30:30 +00:00			`Also character length of each line should not exceed 2000 or the key will break and be unusable.`
Update README.md 2018-07-13 00:17:46 +01:00
Update README.md 2018-05-28 21:42:10 +01:00			`### upload-file.py`

Update README.md 2018-05-28 15:09:11 +01:00			`Usage: python upload-file.py <file>`
spelling etc 2018-12-08 03:30:30 +00:00			`Data can take between 3-10mins before it appears on the server so don't be surprised if the link you're given does not work straight away.`
Update README.md 2018-05-28 22:09:50 +01:00			`Requirements: gnupg2, pinentry`
Update README.md 2018-05-28 15:09:11 +01:00
Update README.md 2018-05-28 21:42:10 +01:00			`### download-keyserv.py`

			`Usage: python download-keyserv.py "http://eu.pool.sks-keyservers.net/pks/lookup?search=WCNGKCCWBE@UMKVS.jpg&op=index"`
Update README.md 2018-05-28 21:54:21 +01:00			`Requirements: python-bs4`
Update README.md 2018-05-28 12:42:31 +01:00
			`The first of the uid(email) is numeric to stand for the order of the base64 string so we can be put it together again in the correct order, then the second part is simply a set chunk of binary data converted to base64.`
Update README.md 2018-05-28 12:54:02 +01:00
			`First of all had to test how many chars could be put in the uid, turns out after some testing just a little over 2040. Once you enter more than this the key becomes invalid and you have to reset your pubkey. Through some trial and error decided to stick with a safe number 1741 chars long. Once you split the binary data into 1305Byte chunks and convert it to base64 it comes to 1741 chars in length.`
Update README.md 2018-05-28 15:16:42 +01:00
Update README.md 2018-05-28 19:54:10 +01:00			`Key deletion was added after upload is completed as the keys are no longer needed.`

Update README.md 2018-05-28 21:47:11 +01:00			`### Test file`
Update README.md 2018-05-28 15:29:20 +01:00
			`For those who would like to test already uploaded data, i have placed a test file here:`
Update README.md 2018-05-28 20:23:40 +01:00			`http://eu.pool.sks-keyservers.net/pks/lookup?search=WCNGKCCWBE@UMKVS.jpg&op=index`
Update README.md 2018-07-04 00:46:32 +01:00
			`### unpublished`

spelling etc 2018-12-08 03:30:30 +00:00			`I wrote a version of this using OpenMPI to see what kind of scale this could be used on, it's very simple to implement and would allow a user to upload incredible amounts of data to all the key-servers.`
Update README.md 2018-07-04 00:46:32 +01:00
spelling etc 2018-12-08 03:30:30 +00:00			`In theory it would be possible with the use of proxies and possibly tor to continually upload all kinds of illegal or sensitive data 24hrs a day accross all key-servers making it impossible to control or remove this data.`
Update README.md 2018-07-04 00:46:32 +01:00
			`This is just a proof of concept and a discussion on the potential problems of key-servers in their current form!`

			`DO NOT USE THIS TO DO ANYTHING ILLEGAL`

			`### Notes`

spelling etc 2018-12-08 03:30:30 +00:00			`Why did i not use GPGME?`
			`Simply because it has some kind of memory leak which is only noticable when submitting 100s of UIDs into a PGP key, then it crashes after all memory has been eaten up. I do not know if this has been fixed in recent issues if it has then its possible to write the data to the PGP key much faster than the above python code is currently able to.`